S4E

Name: Erb, Erubi, Erubis Scanner

This scanner detects the use of Erb, Erubi, Erubis in digital assets. It helps identify Server Side Template Injection (SSTI) vulnerabilities within applications that utilize these template engines.

Short Info

Level: High
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 23 days 13 hours
Scan only one: URL

Toolbox

Erb, Erubi, and Erubis are Ruby templating engines used in web applications to generate dynamic content. They let developers embed Ruby code in HTML or other text formats with <% %> and <%= %> tags; the template source is compiled into Ruby and executed, so anything inside those tags runs with the full privileges of the application process. ERB ships with Ruby's standard library, Erubi is the implementation Ruby on Rails uses for Action View, and Erubis is the older engine it replaced, but all three are also used outside Rails. Their simplicity and the ability to run arbitrary Ruby make them popular, and for the same reason a template whose source is assembled from unsanitized user input is directly exploitable. Knowing where and how an application builds and renders these templates is essential for secure coding.

Server Side Template Injection (SSTI) occurs when user input is placed into the template source itself, rather than passed to the template as data, so the engine compiles and executes the attacker's text as Ruby. Because the injected code runs inside the application process, the impact is typically full remote code execution: an attacker can run system commands, read configuration and secrets, or modify data with whatever permissions the server has. Detecting such vulnerabilities is crucial, since an SSTI finding is usually a direct path to compromising the host rather than a stepping stone. Identifying SSTI early limits the window in which a malicious actor can exploit the templating engine.

The technical details of this vulnerability involve delivering payloads through user-controlled inputs (query parameters, form fields, headers) that are processed by the template engine. The vulnerable endpoint is usually a route that takes user data and interpolates it into a template string without validation, instead of binding it as a variable. Crafted ERB tags in those parameters are used to test for the weakness. In this case, the payloads cause the server, if it evaluates them, to perform a DNS lookup or HTTP request to a host controlled by the scanner; observing that out-of-band (OOB) interaction confirms that the input reached the template engine and was executed. The OOB approach works even for blind endpoints whose responses reflect nothing back, and a callback cannot be produced by a mere echo of the payload, so it gives a reliable confirmation rather than a reflection-based guess.
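The following is an added, self-contained Ruby example (not code from S4E or from the ERB/Erubi/Erubis projects) illustrating both the vulnerability pattern described above and a simple detection check. It shows a vulnerable render that interpolates user input into the ERB template source, the hardened form that binds the input as data, and a probe function. The scanner described on this page confirms SSTI through out-of-band DNS or HTTP callbacks; the probe here is an assumption-driven, in-band stand-in that uses an arithmetic canary (7*7) so the example runs offline. All function names, the template text and the sample inputs are constructed for this illustration.

```ruby
require "erb"
require "cgi"

# VULNERABLE (constructed): user input is spliced into the template *source*
# with Ruby string interpolation before ERB compiles it, so any <% %> tags
# inside `name` become Ruby code that runs on the server.
def render_vulnerable(name)
  template = "Hello #{name}!"         # attacker text becomes part of the template
  ERB.new(template).result(binding)   # ERB compiles and executes that text
end

# HARDENED: the template source is a fixed literal compiled once. User input
# is supplied as data at render time, so it can never add new ERB tags.
# CGI.escapeHTML additionally neutralises markup when the output is HTML.
SAFE_TEMPLATE = ERB.new("Hello <%= CGI.escapeHTML(name) %>!")

def render_safe(name)
  SAFE_TEMPLATE.result_with_hash(name: name)
end

# In-band SSTI probe (stand-in for the scanner's out-of-band check): send a
# canary expression and see whether the engine evaluated it. `render` is any
# callable that takes the untrusted value and returns the rendered page.
# Returns true only when the output contains the evaluated value (49) and
# no longer contains the raw payload, i.e. the input was executed, not echoed.
def ssti_detected?(render)
  canary = "<%= 7*7 %>"
  out = render.call(canary)
  out.include?("49") && !out.include?(canary)
end

if __FILE__ == $PROGRAM_NAME
  puts render_vulnerable("<%= 7*7 %>")            # canary is executed
  puts render_safe("<%= 7*7 %>")                  # canary is escaped text
  puts ssti_detected?(method(:render_vulnerable)) # true
  puts ssti_detected?(method(:render_safe))       # false
end
```

The difference between the two renders is the whole vulnerability: `render_vulnerable` lets the attacker decide what the template says, while `render_safe` lets the attacker decide only the value of a variable the template already expected. A real engagement would replace the arithmetic canary with a payload that triggers a DNS or HTTP callback, as the scanner does, so that blind endpoints are also covered.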

If exploited, SSTI vulnerabilities can have severe effects, including unauthorized data exposure, server compromise, or lateral movement within the organization's network. An attacker could potentially execute remote commands, alter files, or escalate privileges. This not only undermines the security posture of the application but can also lead to reputational damage, data breaches, and financial losses. Organizations might face regulatory penalties and lose user trust if sensitive information is accessed or tampered with.
